Search Results

Search found 3985 results on 160 pages for 'contexts and dependency injection'.

Page 3/160 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • Circular dependencies in StructureMap - can they be broken with property injection?

    - by Andy
    Hi, I've got the simplest kind of circular dependency in structuremap - class A relies on class B in its constructor, and class B relies on class A in its constructor. To break the dependency, I made class B take class A as a property, rather than a constructor argument, but structuremap still complains. I've seen circular dependencies broken using this method in other DI frameworks - is this a problem with Structuremap or am I doing something wrong? Edit: I should mention that class B's property is an array of class A instances, wired up like this: x.For<IB>().Singleton().Use<B>().Setter(y => y.ArrayOfA).IsTheDefault();

    Read the article

  • set service dependency on internet connection

    - by nccsbim071
    Hi, I have created a window service and set some dependencies like on MSMQ, MSSQLSERVER and so. Everything is working nice. but i need to send another dependency for my service. That is on internet connection. My service is responsible for sending emails. As soon my server starts, my service starts too and it finds if there is anything to send, if there is, it starts to send email, if during sending it is not able to connect to the internet it cannot send email. so i guess i should set my service dependency on internet connection too. I already set my window service dependency to MicrosoftSQL Server and Microsoft Message Queuing by editing the registry value. by adding new multi string value named "DependOnService", Type "REG_MULTI_SZ" and space separated names of the services that my service depends upon for the Data. For Microsoft SQL Server i set the value to "MSSQLSERVER" but i don't know the name of the internet service that i need to set dependency upon. how can i do this, any help please Thanks

    Read the article

  • Questioning the motivation for dependency injection: Why is creating an object graph hard?

    - by oberlies
    Dependency injection frameworks like Google Guice give the following motivation for their usage (source): To construct an object, you first build its dependencies. But to build each dependency, you need its dependencies, and so on. So when you build an object, you really need to build an object graph. Building object graphs by hand is labour intensive (...) and makes testing difficult. But I don't buy this argument: Even without dependency injection, I can write classes which are both easy to instantiate and convenient to test. E.g. the example from the Guice motivation page could be rewritten in the following way: class BillingService { private final CreditCardProcessor processor; private final TransactionLog transactionLog; // constructor for tests, taking all collaborators as parameters BillingService(CreditCardProcessor processor, TransactionLog transactionLog) { this.processor = processor; this.transactionLog = transactionLog; } // constructor for production, calling the (productive) constructors of the collaborators public BillingService() { this(new PaypalCreditCardProcessor(), new DatabaseTransactionLog()); } public Receipt chargeOrder(PizzaOrder order, CreditCard creditCard) { ... } } So dependency injection may really be an advantage in advanced use cases, but I don't need it for easy construction and testability, do I?

    Read the article

  • Can higher-order functions in FP be interpreted as some kind of dependency injection?

    - by Giorgio
    According to this article, in object-oriented programming / design dependency injection involves a dependent consumer, a declaration of a component's dependencies, defined as interface contracts, an injector that creates instances of classes that implement a given dependency interface on request. Let us now consider a higher-order function in a functional programming language, e.g. the Haskell function filter :: (a -> Bool) -> [a] -> [a] from Data.List. This function transforms a list into another list and, in order to perform its job, it uses (consumes) an external predicate function that must be provided by its caller, e.g. the expression filter (\x -> (mod x 2) == 0) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10] selects all even numbers from the input list. But isn't this construction very similar to the pattern illustrated above, where the filter function is the dependent consumer, the signature (a -> Bool) of the function argument is the interface contract, the expression that uses the higher-order is the injector that, in this particular case, injects the implementation (\x -> (mod x 2) == 0) of the contract. More in general, can one relate higher-order functions and their usage pattern in functional programming to the dependency injection pattern in object-oriented languages? Or in the inverse direction, can dependency injection be compared to using some kind of higher-order function?

    Read the article

  • Questioning one of the arguments for dependency injection: Why is creating an object graph hard?

    - by oberlies
    Dependency injection frameworks like Google Guice give the following motivation for their usage (source): To construct an object, you first build its dependencies. But to build each dependency, you need its dependencies, and so on. So when you build an object, you really need to build an object graph. Building object graphs by hand is labour intensive (...) and makes testing difficult. But I don't buy this argument: Even without dependency injection, I can write classes which are both easy to instantiate and convenient to test. E.g. the example from the Guice motivation page could be rewritten in the following way: class BillingService { private final CreditCardProcessor processor; private final TransactionLog transactionLog; // constructor for tests, taking all collaborators as parameters BillingService(CreditCardProcessor processor, TransactionLog transactionLog) { this.processor = processor; this.transactionLog = transactionLog; } // constructor for production, calling the (productive) constructors of the collaborators public BillingService() { this(new PaypalCreditCardProcessor(), new DatabaseTransactionLog()); } public Receipt chargeOrder(PizzaOrder order, CreditCard creditCard) { ... } } So there may be other arguments for dependency injection (which are out of scope for this question!), but easy creation of testable object graphs is not one of them, is it?

    Read the article

  • How can I bind the same dependency to many dependents in Ninject?

    - by Mike Bantegui
    Let's I have three interfaces: IFoo, IBar, IBaz. I also have the classes Foo, Bar, and Baz that are the respective implementations. In the implementations, each depends on the interface IContainer. So for the Foo (and similarly for Bar and Baz) the implementation might read: class Foo : IFoo { private readonly IDependency Dependency; public Foo(IDependency dependency) { Dependency = dependency; } public void Execute() { Console.WriteLine("I'm using {0}", Dependency.Name); } } Let's furthermore say I have a class Container which happens to contain instances of the IFoo, IBar and IBaz: class Container : IContainer { private readonly IFoo _Foo; private readonly IBar _Bar; private readonly IBaz _Baz; public Container(IFoo foo, IBar bar, IBaz baz) { _Foo = foo; _Bar = bar; _Baz = baz; } } In this scenario, I would like the implementation class Container to bind against IContainer with the constraint that the IDependency that gets injected into IFoo, IBar, and IBaz be the same for all three. In the manual way, I might implement it as: IDependency dependency = new Dependency(); IFoo foo = new Foo(dependency); IBar bar = new Bar(dependency); IBaz baz = new Baz(dependency); IContainer container = new Container(foo, bar, baz); How can I achieve this within Ninject? Note: I am not asking how to do nested dependencies. My question is how I can guarantee that a given dependency is the same among a collection of objects within a materialized service. To be extremely explicit, I understand that Ninject in it's standard form will generate code that is equivalent to the following: IContainer container = new Container(new Foo(new Dependency()), new Bar(new Dependency()), new Baz(new Dependency())); I would not like that behavior.

    Read the article

  • Migration and deployement problems JBoss 4.2.2.GA to JBoss 6.0.0.M2

    - by krzyamaneko
    Hi, I'm trying to migrate an application running on JBoss 4.2.2.GA to JBoss 6.0.0.M2 I give you some log to explain my problem : boot.log : 2010-03-16 09:59:29,406 ERROR [org.jboss.system.server.profileservice.ProfileServiceBootstrap] (Thread-2) Failed to load profile: Summary of incomplete deployments (SEE PREVIOUS ERRORS FOR DETAILS): DEPLOYMENTS IN ERROR: Deployment "vfszip:/G:/jboss-6.0.0.M2/server/default/deploy/serveur.jar/" is in error due to the following reason(s): java.lang.IllegalStateException: Factory$org.jboss.aspects.remoting.InvokeRemoteInterceptor is already installed. server.log : 11:58:33,156 ERROR [AbstractKernelController] Error installing to PostClassLoader: name=vfszip:/G:/jboss-6.0.0.M2/server/default/deploy/serveur.jar/ state=ClassLoader mode=Manual requiredState=PostClassLoader: org.jboss.deployers.spi.DeploymentException: Cannot process metadata at org.jboss.deployers.spi.DeploymentException.rethrowAsDeploymentException(DeploymentException.java:49) at org.jboss.deployment.AnnotationMetaDataDeployer.deploy(AnnotationMetaDataDeployer.java:196) at org.jboss.deployment.AnnotationMetaDataDeployer.deploy(AnnotationMetaDataDeployer.java:95) at org.jboss.deployers.plugins.deployers.DeployerWrapper.deploy(DeployerWrapper.java:179) at org.jboss.deployers.plugins.deployers.DeployersImpl.doDeploy(DeployersImpl.java:1660) at org.jboss.deployers.plugins.deployers.DeployersImpl.doInstallParentFirst(DeployersImpl.java:1378) at org.jboss.deployers.plugins.deployers.DeployersImpl.doInstallParentFirst(DeployersImpl.java:1431) at org.jboss.deployers.plugins.deployers.DeployersImpl.install(DeployersImpl.java:1319) at org.jboss.dependency.plugins.AbstractControllerContext.install(AbstractControllerContext.java:378) at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:2029) at org.jboss.dependency.plugins.AbstractController.incrementState(AbstractController.java:1050) at org.jboss.dependency.plugins.AbstractController.executeOrIncrementStateDirectly(AbstractController.java:1289) at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1213) at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1107) at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:918) at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:633) at org.jboss.deployers.plugins.deployers.DeployersImpl.process(DeployersImpl.java:898) at org.jboss.deployers.plugins.main.MainDeployerImpl.process(MainDeployerImpl.java:677) at org.jboss.system.server.profileservice.repository.MainDeployerAdapter.process(MainDeployerAdapter.java:117) at org.jboss.system.server.profileservice.repository.ProfileDeployAction.install(ProfileDeployAction.java:70) at org.jboss.system.server.profileservice.repository.AbstractProfileAction.install(AbstractProfileAction.java:53) at org.jboss.system.server.profileservice.repository.AbstractProfileService.install(AbstractProfileService.java:403) at org.jboss.dependency.plugins.AbstractControllerContext.install(AbstractControllerContext.java:378) at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:2029) at org.jboss.dependency.plugins.AbstractController.incrementState(AbstractController.java:1050) at org.jboss.dependency.plugins.AbstractController.executeOrIncrementStateDirectly(AbstractController.java:1289) at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1213) at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1107) at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:873) at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:620) at org.jboss.system.server.profileservice.repository.AbstractProfileService.registerProfile(AbstractProfileService.java:308) at org.jboss.system.server.profileservice.ProfileServiceBootstrap.start(ProfileServiceBootstrap.java:259) at org.jboss.system.server.profileservice.ProfileServiceBootstrap.start(ProfileServiceBootstrap.java:100) at org.jboss.bootstrap.impl.base.server.AbstractServer.startBootstraps(AbstractServer.java:860) at org.jboss.bootstrap.impl.base.server.AbstractServer$StartServerTask.run(AbstractServer.java:441) at java.lang.Thread.run(Thread.java:619) Caused by: java.lang.ClassNotFoundException: common.Main from BaseClassLoader@e1c3a7{vfszip:/G:/jboss-6.0.0.M2/server/default/deploy/serveur.jar/} at org.jboss.classloader.spi.base.BaseClassLoader.loadClass(BaseClassLoader.java:498) at java.lang.ClassLoader.loadClass(ClassLoader.java:248) at org.jboss.deployment.OptAnnotationMetaDataDeployer.processJBossClientMetaData(OptAnnotationMetaDataDeployer.java:105) at org.jboss.deployment.OptAnnotationMetaDataDeployer.processMetaData(OptAnnotationMetaDataDeployer.java:73) at org.jboss.deployment.AnnotationMetaDataDeployer.deploy(AnnotationMetaDataDeployer.java:192) ... 34 more 11:58:40,828 INFO [JMXConnectorServerService] JMX Connector server: service:jmx:rmi://127.0.0.1/jndi/rmi://127.0.0.1:10900/jmxconnector 11:58:46,500 INFO [MailService] Mail Service bound to java:/Mail 11:58:46,593 ERROR [NamingProviderURLWriter] Cannot create a naming service URL file at file:/G:/jboss-6.0.0.M2/server/default/data/jnp-service.url: java.io.IOException: Accès refusé at java.io.WinNTFileSystem.createFileExclusively(Native Method) at java.io.File.createNewFile(File.java:883) at org.jboss.naming.NamingProviderURLWriter.start(NamingProviderURLWriter.java:151) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.jboss.reflect.plugins.introspection.ReflectionUtils.invoke(ReflectionUtils.java:59) at org.jboss.reflect.plugins.introspection.ReflectMethodInfoImpl.invoke(ReflectMethodInfoImpl.java:151) at org.jboss.joinpoint.plugins.BasicMethodJoinPoint.dispatch(BasicMethodJoinPoint.java:66) at org.jboss.kernel.plugins.dependency.KernelControllerContextAction$JoinpointDispatchWrapper.execute(KernelControllerContextAction.java:257) at org.jboss.kernel.plugins.dependency.ExecutionWrapper.execute(ExecutionWrapper.java:47) at org.jboss.kernel.plugins.dependency.KernelControllerContextAction.dispatchExecutionWrapper(KernelControllerContextAction.java:125) at org.jboss.kernel.plugins.dependency.KernelControllerContextAction.dispatchJoinPoint(KernelControllerContextAction.java:72) at org.jboss.kernel.plugins.dependency.LifecycleAction.installActionInternal(LifecycleAction.java:202) at org.jboss.kernel.plugins.dependency.InstallsAwareAction.installAction(InstallsAwareAction.java:54) at org.jboss.kernel.plugins.dependency.InstallsAwareAction.installAction(InstallsAwareAction.java:42) at org.jboss.dependency.plugins.action.SimpleControllerContextAction.simpleInstallAction(SimpleControllerContextAction.java:62) at org.jboss.dependency.plugins.action.AccessControllerContextAction.install(AccessControllerContextAction.java:71) at org.jboss.dependency.plugins.AbstractControllerContextActions.install(AbstractControllerContextActions.java:51) at org.jboss.dependency.plugins.AbstractControllerContext.install(AbstractControllerContext.java:378) at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:2029) at org.jboss.dependency.plugins.AbstractController.incrementState(AbstractController.java:1050) at org.jboss.dependency.plugins.AbstractController.executeOrIncrementStateDirectly(AbstractController.java:1289) at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1213) at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1107) at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:873) at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:620) at org.jboss.deployers.vfs.deployer.kernel.BeanMetaDataDeployer.deploy(BeanMetaDataDeployer.java:180) at org.jboss.deployers.vfs.deployer.kernel.BeanMetaDataDeployer.deploy(BeanMetaDataDeployer.java:58) at org.jboss.deployers.spi.deployer.helpers.AbstractSimpleRealDeployer.internalDeploy(AbstractSimpleRealDeployer.java:62) at org.jboss.deployers.spi.deployer.helpers.AbstractRealDeployer.deploy(AbstractRealDeployer.java:55) at org.jboss.deployers.plugins.deployers.DeployerWrapper.deploy(DeployerWrapper.java:179) at org.jboss.deployers.plugins.deployers.DeployersImpl.doDeploy(DeployersImpl.java:1660) at org.jboss.deployers.plugins.deployers.DeployersImpl.doInstallParentFirst(DeployersImpl.java:1378) at org.jboss.deployers.plugins.deployers.DeployersImpl.doInstallParentFirst(DeployersImpl.java:1399) at org.jboss.deployers.plugins.deployers.DeployersImpl.install(DeployersImpl.java:1319) at org.jboss.dependency.plugins.AbstractControllerContext.install(AbstractControllerContext.java:378) at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:2029) at org.jboss.dependency.plugins.AbstractController.incrementState(AbstractController.java:1050) at org.jboss.dependency.plugins.AbstractController.executeOrIncrementStateDirectly(AbstractController.java:1289) at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1213) at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1107) at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:918) at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:633) at org.jboss.deployers.plugins.deployers.DeployersImpl.process(DeployersImpl.java:898) at org.jboss.deployers.plugins.main.MainDeployerImpl.process(MainDeployerImpl.java:677) at org.jboss.system.server.profileservice.repository.MainDeployerAdapter.process(MainDeployerAdapter.java:117) at org.jboss.system.server.profileservice.repository.ProfileDeployAction.install(ProfileDeployAction.java:70) at org.jboss.system.server.profileservice.repository.AbstractProfileAction.install(AbstractProfileAction.java:53) at org.jboss.system.server.profileservice.repository.AbstractProfileService.install(AbstractProfileService.java:403) at org.jboss.dependency.plugins.AbstractControllerContext.install(AbstractControllerContext.java:378) at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:2029) at org.jboss.dependency.plugins.AbstractController.incrementState(AbstractController.java:1050) at org.jboss.dependency.plugins.AbstractController.executeOrIncrementStateDirectly(AbstractController.java:1289) at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1213) at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1107) at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:873) at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:620) at org.jboss.system.server.profileservice.repository.AbstractProfileService.registerProfile(AbstractProfileService.java:308) at org.jboss.system.server.profileservice.ProfileServiceBootstrap.start(ProfileServiceBootstrap.java:259) at org.jboss.system.server.profileservice.ProfileServiceBootstrap.start(ProfileServiceBootstrap.java:100) at org.jboss.bootstrap.impl.base.server.AbstractServer.startBootstraps(AbstractServer.java:860) at org.jboss.bootstrap.impl.base.server.AbstractServer$StartServerTask.run(AbstractServer.java:441) at java.lang.Thread.run(Thread.java:619) this application works fine on JBoss 4.2.2.GA, if someone have any idea, I need some help.

    Read the article

  • Javascript Injection and Sql Script injection

    - by Pranali Desai
    Hi All, I am writing an application and for this to make it safe I have decided to HtmlEncode and HtmlDecode the data to avoid Javascript Injection and Paramaterised queries to avoid Sql Script injection. But I want to know whether these are the best ways to avoid these attacks and what are the other ways to damage the application that I should take into consideration.

    Read the article

  • Are SQL Injection vulnerabilities in a PHP application acceptable if mod_security is enabled?

    - by Austin Smith
    I've been asked to audit a PHP application. No framework, no router, no model. Pure PHP. Few shared functions. HTML, CSS, and JS all mixed together. I've discovered numerous places where SQL injection would be easily possible. There are other problems with the application (XSS vulnerabilities, rampant inline CSS, code copy-pasted everywhere) but this is the biggest. Sometimes they escape inputs, not using a prepared query or even mysql_real_escape_string(), mind you, but using addslashes(). Often, though, their queries look exactly like this (pasted from their code but with columns and variable names changed): $user = mysql_query("select * from profile where profile_id='".$_REQUEST["profile_id"]."'"); The developers in question claimed that they were unable to hack their application. I tried, and found mod_security to be enabled, resulting in HTTP 406 for some obvious SQL injection attacks. I believe there to be sophisticated workarounds for mod_security, but I don't have time to chase them down. They claim that this is a "conceptual" matter and not a "practical" one since the application can't easily be hacked. Their internal auditor agreed that there were problems, but emphasized the conceptual nature of the issues. They also use this conceptual/practical argument to defend against inline CSS and JS, absence of code organization, XSS vulnerabilities, and massive amounts of repetition. My client (rightly so, perhaps) just wants this to go away so they can launch their product. The site works. You can log in, do what you need to do, and things are visibly functional, if slow. SQL Injection would indeed be hard to do, given mod_security. Further, their talk of "conceptual vs. practical" is rhetorically brilliant, considering that my client doesn't understand web application security. I worry that they've succeeded in making me sound like an angry puritan. In many ways, this is a problem of politics, not technology, but I am at a loss. As a developer, I want to tell them to toss the whole project and start over with a new team, but I face a strong defense from the team that built it and a client who really needs to ship their product. Is my position here too harsh? Even if they fix the SQL Injection and XSS problems can I ever endorse the release of an unmaintainable tangle of spaghetti code?

    Read the article

  • In dependency injection, is there a simple name for the counterpart of the injected object?

    - by kostja
    In tutorials and books, I have never seen a single word describing the object that the injected object is injected into. Instead, other terms are used, like "injection point" which don't denote the object containing the injected object. And nothing I can think of sounds right, except maybe "injection target" - but I have never read it anywhere. Is there a single word or a simple expression for it, or is it like the "He-Who-Must-Not-Be-Named" from a recent fantasy book series?

    Read the article

  • apt-get install fails due to dependency issues but apt-get -f install won't fix it

    - by user71941
    I've just installed Ubuntu 12.04 and was about to manually install Rawstudio with the packages from SourceForge repo, but I've been stuck with dependency issues and I am short on apt command lines to sort this out. Here's the report I'v got : installArchives() failed: dpkg: dependency problems prevent configuration of libgphoto2-2: libgphoto2-2 depends on libjpeg62; however: Package libjpeg62 is not installed. libgphoto2-l10n (2.4.13-1ubuntu1) breaks libgphoto2-2 (<= 2.4.10.1-4) and is installed. Version of libgphoto2-2 to be configured is 2.4.10.1-0ubuntu3~maverick. dpkg: error processing libgphoto2-2 (--configure): dependency problems - leaving unconfigured No apport report written because MaxReports is reached already dpkg: dependency problems prevent configuration of libgphoto2-2-dev: libgphoto2-2-dev depends on libgphoto2-2 (= 2.4.10.1-0ubuntu3~maverick); however: Package libgphoto2-2 is not configured yet. dpkg: error processing libgphoto2-2-dev (--configure): dependency problems - leaving unconfigured No apport report written because MaxReports is reached already Errors were encountered while processing: libgphoto2-2 libgphoto2-2-dev Error in function: SystemError: E:Sub-process /usr/bin/dpkg returned an error code (1) dpkg: dependency problems prevent configuration of libgphoto2-2: libgphoto2-2 depends on libjpeg62; however: Package libjpeg62 is not installed. libgphoto2-l10n (2.4.13-1ubuntu1) breaks libgphoto2-2 (<= 2.4.10.1-4) and is installed. Version of libgphoto2-2 to be configured is 2.4.10.1-0ubuntu3~maverick. dpkg: error processing libgphoto2-2 (--configure): dependency problems - leaving unconfigured dpkg: dependency problems prevent configuration of libgphoto2-2-dev: libgphoto2-2-dev depends on libgphoto2-2 (= 2.4.10.1-0ubuntu3~maverick); however: Package libgphoto2-2 is not configured yet. dpkg: error processing libgphoto2-2-dev (--configure): dependency problems - leaving unconfigured I've tried "apt-get -f install" but without success. What is the mahick command line that will unblock the situation ? Thanks Seb

    Read the article

  • SQL Injection When Using MySQLi Prepared Statements

    - by Sev
    If all that is used to do any and all database queries is MySQLi prepared statements with bound parameters in a web-app, is sql injection still possible? Notes I know that there are other forms of attack other than sql-injection, but my question is specific to sql-injection attacks on that particular web application only.

    Read the article

  • Rails SQL injection?

    - by yuval
    In Rails, when I want to find by a user given value and avoid SQL injection (escape apostrophes and the like) I can do something like this: Post.all(:conditions => ['title = ?', params[:title]]) I know that an unsafe way of doing this (possible SQL injection) is this: Post.all(:conditions => "title = #{params[:title]}") My question is, does the following method prevent SQL injection or not? Post.all(:conditions => {:title => params[:title]})

    Read the article

  • Avoid SQL Injection with Parameters

    - by simonsabin
    The best way to avoid SQL Injection is with parameters. With parameters you can’t get SQL Injection. You only get SQL Injection where you are building a SQL statement by concatenating your parameter values in with your SQL statement. Annoyingly many TSQL statements don’t take parameters, CREATE DATABASE for instance, or really annoyingly ALTER USER. In these situations you have to rely on using QUOTENAME or REPLACE to avoid SQL Injection. (Kimberly Tripp takes about this in her recent blog post Little...(read more)

    Read the article

  • Is reliance on parametrized queries the only way to protect against SQL injection?

    - by Chris Walton
    All I have seen on SQL injection attacks seems to suggest that parametrized queries, particularly ones in stored procedures, are the only way to protect against such attacks. While I was working (back in the Dark Ages) stored procedures were viewed as poor practice, mainly because they were seen as less maintainable; less testable; highly coupled; and locked a system into one vendor; (this question covers some other reasons). Although when I was working, projects were virtually unaware of the possibility of such attacks; various rules were adopted to secure the database against corruption of various sorts. These rules can be summarised as: No client/application had direct access to the database tables. All accesses to all tables were through views (and all the updates to the base tables were done through triggers). All data items had a domain specified. No data item was permitted to be nullable - this had implications that had the DBAs grinding their teeth on occasion; but was enforced. Roles and permissions were set up appropriately - for instance, a restricted role to give only views the right to change the data. So is a set of (enforced) rules such as this (though not necessarily this particular set) an appropriate alternative to parametrized queries in preventing SQL injection attacks? If not, why not? Can a database be secured against such attacks by database (only) specific measures? EDIT Emphasis of the question changed slightly, in the light of the initial responses received. Base question unchanged. EDIT2 The approach of relying on paramaterized queries seems to be only a peripheral step in defense against attacks on systems. It seems to me that more fundamental defenses are both desirable, and may render reliance on such queries not necessary, or less critical, even to defend specifically against injection attacks. The approach implicit in my question was based on "armouring" the database and I had no idea whether it was a viable option. Further research has suggested that there are such approaches. I have found the following sources that provide some pointers to this type of approach: http://database-programmer.blogspot.com http://thehelsinkideclaration.blogspot.com The principle features I have taken from these sources is: An extensive data dictionary, combined with an extensive security data dictionary Generation of triggers, queries and constraints from the data dictionary Minimize Code and maximize data While the answers I have had so far are very useful and point out difficulties arising from disregarding paramaterized queries, ultimately they do not answer my original question(s) (now emphasised in bold).

    Read the article

  • CSS Validation Warning: Same colors for color and background-color in two contexts

    - by TankDriver
    I am getting a ton of warnings like the ones listed below when I do a CSS validation check via http://jigsaw.w3.org/css-validator/validator?uri=http%3A%2F%2Fwww.gamefriction.com%2FCoded&profile=css21&usermedium=all&warning=1&lang=en > 513 Same colors for color and > background-color in two contexts > #blue_module and #red_module_top 513 Same colors for color and > background-color in two contexts > .content ul li and #red_module_top 513 > Same colors for color and > background-color in two contexts > #footer_container and #red_module_top 513 Same colors for color and > background-color in two contexts > ul.tabs li a.active and > #red_module_top 513 Same colors for color and background-color in two > contexts #content_960 and > #red_module_top 513 Same colors for color and background-color in two > contexts #content_main and > #red_module_top 513 Same colors for color and background-color in two > contexts .content and #red_module_top > 513 Same colors for color and > background-color in two contexts > #league_module select option and #red_module_top 513 Same colors for color and background-color in two > contexts #red_module and > #red_module_top Any ideas how to fix this? CSS file: gamefriction.com/Coded/css/style.css

    Read the article

  • Dependency isn't included in my assembly, although scope is "compile"

    - by Bernhard V
    Hi! I have the following dependency specified in my project's pom: <dependency> <groupId>org.jboss.client</groupId> <artifactId>jbossall-client</artifactId> <scope>compile</scope> </dependency> My project itself has to be the child of another pom. And in that one, the following is defined: <dependency> <groupId>jboss</groupId> <artifactId>jbossall-client</artifactId> <version>4.2.2</version> <scope>provided</scope> <type>jar</type> </dependency> When I now assembly my program, it seems that the "provided" scope of the parent pom overrides the scope of my project, since the jbossall-client-jar is not included in my assembly. Although it seems illogical to me, maybe it's this feature taking effect here. Do you know a way to include the dependency in my assembly without touching the parent pom?

    Read the article

  • How to combine designable components with dependency injection

    - by Wim Coenen
    When creating a designable .NET component, you are required to provide a default constructor. From the IComponent documentation: To be a component, a class must implement the IComponent interface and provide a basic constructor that requires no parameters or a single parameter of type IContainer. This makes it impossible to do dependency injection via constructor arguments. (Extra constructors could be provided, but the designer would ignore them.) Some alternatives we're considering: Service Locator Don't use dependency injection, instead use the service locator pattern to acquire dependencies. This seems to be what IComponent.Site.GetService is for. I guess we could create a reusable ISite implementation (ConfigurableServiceLocator?) which can be configured with the necessary dependencies. But how does this work in a designer context? Dependency Injection via properties Inject dependencies via properties. Provide default instances if they are necessary to show the component in a designer. Document which properties need to be injected. Inject dependencies with an Initialize method This is much like injection via properties but it keeps the list of dependencies that need to be injected in one place. This way the list of required dependencies is documented implicitly, and the compiler will assists you with errors when the list changes. Any idea what the best practice is here? How do you do it? edit: I have removed "(e.g. a WinForms UserControl)" since I intended the question to be about components in general. Components are all about inversion of control (see section 8.3.1 of the UMLv2 specification) so I don't think that "you shouldn't inject any services" is a good answer. edit 2: It took some playing with WPF and the MVVM pattern to finally "get" Mark's answer. I see now that visual controls are indeed a special case. As for using non-visual components on designer surfaces, I think the .NET component model is fundamentally incompatible with dependency injection. It appears to be designed around the service locator pattern instead. Maybe this will start to change with the infrastructure that was added in .NET 4.0 in the System.ComponentModel.Composition namespace.

    Read the article

  • Missing Dependency Errors when Installing OpenVas Server

    - by David
    I'm trying to install OpenVAS on Red Hat Enterprise Linux 5.5. I've successfully run yum install openvas-client, but yum install openvas-server prints the following errors: --> Finished Dependency Resolution openvas-client-3.0.1-1.el5.art.i386 from installed has depsolving problems --> Missing Dependency: libopenvas_hg.so.3 is needed by package openvas-client-3.0.1-1.el5.art.i386 (installed) openvas-client-3.0.1-1.el5.art.i386 from installed has depsolving problems --> Missing Dependency: libopenvas_nasl.so.3 is needed by package openvas-client-3.0.1-1.el5.art.i386 (installed) openvas-client-3.0.1-1.el5.art.i386 from installed has depsolving problems --> Missing Dependency: libopenvas_omp.so.3 is needed by package openvas-client-3.0.1-1.el5.art.i386 (installed) openvas-scanner-3.2-0.2.el5.art.i386 from atomic has depsolving problems --> Missing Dependency: net-snmp-utils is needed by package openvas-scanner-3.2-0.2.el5.art.i386 (atomic) openvas-client-3.0.1-1.el5.art.i386 from installed has depsolving problems --> Missing Dependency: libopenvas_misc.so.3 is needed by package openvas-client-3.0.1-1.el5.art.i386 (installed) openvas-scanner-3.2-0.2.el5.art.i386 from atomic has depsolving problems --> Missing Dependency: openldap-clients is needed by package openvas-scanner-3.2-0.2.el5.art.i386 (atomic) openvas-client-3.0.1-1.el5.art.i386 from installed has depsolving problems --> Missing Dependency: libopenvas_base.so.3 is needed by package openvas-client-3.0.1-1.el5.art.i386 (installed) Error: Missing Dependency: net-snmp-utils is needed by package openvas-scanner-3.2-0.2.el5.art.i386 (atomic) Error: Missing Dependency: libopenvas_base.so.3 is needed by package openvas-client-3.0.1-1.el5.art.i386 (installed) Error: Missing Dependency: libopenvas_hg.so.3 is needed by package openvas-client-3.0.1-1.el5.art.i386 (installed) Error: Missing Dependency: libopenvas_nasl.so.3 is needed by package openvas-client-3.0.1-1.el5.art.i386 (installed) Error: Missing Dependency: openldap-clients is needed by package openvas-scanner-3.2-0.2.el5.art.i386 (atomic) Error: Missing Dependency: libopenvas_omp.so.3 is needed by package openvas-client-3.0.1-1.el5.art.i386 (installed) Error: Missing Dependency: libopenvas_misc.so.3 is needed by package openvas-client-3.0.1-1.el5.art.i386 (installed) You could try using --skip-broken to work around the problem You could try running: package-cleanup --problems package-cleanup --dupes rpm -Va --nofiles --nodigest The program package-cleanup is found in the yum-utils package. Notice that each of the missing dependencies is followed by the words (installed) or the words (atomic) - for the name of the repository. When I try to install any of these sub-dependencies, the installation fails (either due to missing dependencies or since the rpm is already installed). For example, if I try to install a rpm for "libopenvas_hg.so.3", I get an error message indicating that it is already installed. Yet "libopenvas_hg.so.3" is listed as a missing dependency. Why? Do I need to uninstall all of the "missing" dependences first?

    Read the article

  • Which Dependency Injection Tool Should I Use? (2)

    - by Mendy
    The original post is: Which Dependency Injection Tool Should I Use? While the original post is good, in this days I see a lot of people using StructureMap as their Dependency Injection tool, and in the original post no one even took it seriously. In addition, this quote: If I had to choose today: I would probably go with StructureMap. It has the best support for C# 3.0 language features, and the most flexibility in initialization. Which Dependency Injection Tool Should I Use? Out of this ones: Unity Framework - Microsoft StructureMap - Jeremy Miller Castle Windsor NInject Spring Framework Autofac Managed Extensibility Framework

    Read the article

  • Dependency Walker Not Showing All the Depended Dll

    - by Ngu Soon Hui
    I have a fortran dll, and I want to know the assemblies that it depends on for redistribution purpose. One thing I found out is that the dependency walker doesn't show all of the dependencies, i.e, there are some dlls that my assembly is dependent on, but dependency walker doesn't show it out. An example would be a dll that makes use of intel mkl LAPACK dlls, but the dependency walker doesn't show that dependency. Why this is so? And any idea how to fix this problem, or is there other more reliable tool that I can use?

    Read the article

  • Xpath Injection detection Tool

    - by preeti
    Hi, I am working on xpath Injection attack, so looking forward to build a tool to detect xpath Injection Tool in a website.Is web crawling and scanning be used for this? What can be the Logic to detect it? Are there any open source tools to detect it, so that i can develop it in Java by looking at logic used in that code. Thank You.

    Read the article

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >